﻿using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Controllers;
using ProjectScheduling_web.Controllers.Staff;
using ProjectScheduling_web.dao;
using System.Reflection;

namespace ProjectScheduling_web
{
    public class CheckLoginHandler(RequestDelegate next)
    {
        private readonly RequestDelegate _next = next;

        public async Task Invoke(HttpContext context)
        {
            if (context.Request.Method != HttpMethods.Options)
            {
                var endpoint = context.GetEndpoint();
                if (endpoint != null)
                {
                    var controllerActionDescriptor = endpoint.Metadata.GetMetadata<ControllerActionDescriptor>();
                    if (controllerActionDescriptor != null)
                    {
                        var hasAllowAnonymous = controllerActionDescriptor.MethodInfo.GetCustomAttributes<AllowAnonymousAttribute>()?.Any() == true;
                        var isApp = controllerActionDescriptor.ControllerTypeInfo.GetCustomAttributes<AppAttribute>()?.Any() == true;
                        if (isApp)
                        {

                            if (!hasAllowAnonymous)
                            {
                                if (context.Request.Headers.TryGetValue("u_id", out var u_id))
                                {

                                    var staff = StaffDao.Base.Find(Convert.ToInt32(u_id));
                                    if(staff != null)
                                    {
                                        context.Items["Me"] = staff;
                                    }
                                    else
                                    {
                                        context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                                        context.Response.WriteAsync("未授权的访问").Wait();
                                        return;
                                    }
                                }
                            }
                            await _next(context);
                            return;
                        }

                        if (!hasAllowAnonymous)
                        {
                            if (context.Request.Headers.TryGetValue("Token", out var token))
                            {
                                context.Items["Current_Token"] = token;
                                var obj = MemberDao.Base.Find(it => it.Token == token);
                                context.Items["Current_Msg"] = obj;
                                if (obj == null)
                                {
                                    context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                                    context.Response.WriteAsync("未授权的访问").Wait();
                                    return;
                                }
                            }
                        }
                    }
                }
            }
            await _next(context);
        }
    }
}
